CSRF Token issue when Phoenix.Html.Link.button/2 is rendered in a partial #130

@guidotripaldi

I've noticed that when a (non-Drab) button is rendered by Phoenix.Html.Link.button/2 in a partial, the CSRF token is no longer valid after poking some assignments in the main template. Maybe it is related to #67, because according to the Phoenix documentation the button is rendered by Phoenix using a regular HTML form.
This is the test code:

main.html.drab:

```eex
<button type="button" drab="click:poke_assignment">Do Poke Assignment</button>
<%= inspect @foo %>

<%= render("_sub.html", assigns) %>
```

_sub.html.eex:

```eex
<%= button("Do My Action", to: my_path(@conn, :my_action)) %>
```

Commander:

```elixir
# Handler for the "Do Poke Assignment" button: updates the @foo assign on the live page
defhandler poke_assignment(socket, _sender) do
  poke socket, foo: 42
end
```

If the "Do My Action" button is clicked before pressing the "Do Poke Assignment" button, it works well, but after poking a value and pressing the button again, it raises the exception:

```
invalid CSRF (Cross Site Request Forgery) token, make sure all requests include a valid '_csrf_token' param or 'x-csrf-token' header
```

A workaround seems to be difficult because it's not clear to me how to access the CSRF token, as suggested in #67, to save and set back the token, because the 'form' to which it belongs is not explicit.

EDIT:
Fixed some errors in the problem description
